gcleaner

General

Target

JaffaCakes118_439568d8164b4e3e1cd0a49e7e21dc22
Size

443KB
Sample

250107-a1rx1swkgs
MD5

439568d8164b4e3e1cd0a49e7e21dc22
SHA1

6b42c56eb7c5dade339a00577f8707f8d6ae1f3f
SHA256

079b91f70c2044f6ab1e346c4092ea661a4a2fb0ed8766401b1ee8f569f76a52
SHA512

d4d4287f53bc3628356cbf92b7e2bedd871603709fd9998fd1769cddb4a11cb1a75a404c6f8a4549a4951dce27641bde3277fa8245f4e4407ff31720ec99d67a
SSDEEP

12288:4WM1dcA6K1K93oupFHnubPMs+DF5N7miz8WL:4QKO37p2U1D/N7Lf

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_439568d8164b4e3e1cd0a49e7e21dc22
- Size
  
  443KB
- MD5
  
  439568d8164b4e3e1cd0a49e7e21dc22
- SHA1
  
  6b42c56eb7c5dade339a00577f8707f8d6ae1f3f
- SHA256
  
  079b91f70c2044f6ab1e346c4092ea661a4a2fb0ed8766401b1ee8f569f76a52
- SHA512
  
  d4d4287f53bc3628356cbf92b7e2bedd871603709fd9998fd1769cddb4a11cb1a75a404c6f8a4549a4951dce27641bde3277fa8245f4e4407ff31720ec99d67a
- SSDEEP
  
  12288:4WM1dcA6K1K93oupFHnubPMs+DF5N7miz8WL:4QKO37p2U1D/N7Lf
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2